Process for loading a protected storage zone of an information processing device, and associated device
Abstract
The invention relates to a process for loading a protected storage zone of an information processing device, with confidential data and/or programs, and to the associated information processing device. The information processing device (1) includes a module (8) that includes a non-volatile memory having a protected zone (11) which is read-write accessible to a processing means (9) inside the module, but is at least write-protected from outside the module. The process executes a transfer of confidential information to the protected zone (11) from an analogous protected zone (27) of a portable object (21) with a structure similar to that of the module. The portable object is received in a portable object reader (6) which is provided in the information processing device.
Claims
exact text as granted — not AI-modifiedI claim:
1. A process for executing in an information processing device secure operations which require holding rights held by a first portable object, the information processing device comprising device processing means and device memory means for performing general nonsecure operations, and incorporating a security module which comprises module processing means and module memory means for performing specific secure operations, said module memory means being nonvolatile and read-write accessible to said module processing means but at least write-protected from outside the module, said first portable object comprising first object processing means and first object memory means for performing specific secure operations, said first object memory means being nonvolatile and read-write accessible to said first object processing means but at least write-protected from outside the first portable object, said rights being stored in said first object memory means, the process comprising the steps of: establishing communication between said first portable object and said information processing device; copying said rights from said first object memory means to said module memory means under control of said module processing means; stopping communication between said first portable object and said information processing device; using the information processing device in lieu of the first portable object within a predetermined limit of use to perform said secure operations which require possessing said rights, by requesting the information processing device to derive said rights from said security module; and inhibiting operation of said module under the control of said security module processing means when said predetermined limit of use has been reached.
2. The process as claimed in claim 1, wherein said first portable object memory means stores an object key, and said module memory stores a first module key correlated to the object key, wherein said step of copying rights from said first object memory means to said module memory means is executed only if a mutual cryptographic procedure based on said object key and first module key is successfully performed.
3. The process as claimed in claim 1, wherein said first object memory means stores an encryption key and an encryption algorithm while the module memory means stores a decryption key and a decryption algorithm respectively correlated to said encryption key and encryption algorithm, further comprising the steps of: encrypting said rights of said first portable object with said encryption key and encryption algorithm in the first portable object before copying; decrypting said rights of first portable object with said decryption key and decryption algorithm in the module memory means after copying.
4. A process for executing secure operations between a first portable object and a second portable object which require holding rights held by the first portable object by using an information processing device, the information processing device comprising device processing means and device memory means for performing general nonsecure operations, and incorporating a security module which comprises module processing means and module memory means for performing specific secure operations, said module memory means being nonvolatile and read-write accessible to module processing means but at least write-protected from outside the module, said first and second portable objects comprising respective first and second object processing means and first and second object memory means for performing specific secure operations, said first and second object memory means being nonvolatile and read-write accessible to first and second object processing means respectively but at least write-protected from outside the first and second portable objects respectively, said rights being stored in said first and second object memory means respectively, the process comprising the steps of: establishing communication between said first portable object and said information processing device; copying said rights from said first object memory means to said module memory means under the control of said module processing means; stopping communication between said first portable object and said information processing device; using the information processing device in lieu of the first portable object to perform said secure operations by cooperating with said second portable object and by requesting the information processing device to derive said rights from said module.
5. The process as claimed in claim 4, wherein said first object memory means stores an object key, and said module memory means stores a first module key correlated to the object key, wherein said step of copying rights from said first object memory means to said module memory means is executed only if a mutual cryptographic procedure based on said object key and first module key is successfully performed.
6. The process as claimed in claim 4, wherein said first object memory means store an encryption key and an encryption algorithm while the module memory means store a decryption key and a decryption algorithm respectively correlated to said encryption key and encryption algorithm, further comprising the steps of: encrypting said rights of said first portable object with said encryption key and encryption algorithm in the first portable object before copying; decrypting said rights of the first portable object with said decryption key and decryption algorithm in the module after copying.
7. The process of claim 4, for establishing a dialogue between the first and the second portable objects which requires the utilization of said rights of said first and said second portable objects, wherein, once the second portable object is cooperating with the information processing device, the module and the second portable object are connected using said rights of said first and second portable objects.
8. The process of claim 7, wherein said rights copied from said first portable object to said module comprise a first object key, and said rights of said second portable object comprise a second object key correlated to the first object key, and said dialogue comprises implementing a mutual cryptographic procedure based on said two object keys.
9. An information processing system for performing secure operations which require holding rights held by a first portable object, said system having an information processing device, the information processing device comprising device processing means and device memory means for performing general nonsecure operations, reader means for cooperating with a portable object, and incorporating a security module which comprises module processing means and module memory means for performing specific secure operations, said module memory means being nonvolatile and read-write accessible to module processing means but at least write-protected from outside the module, said first portable object comprising first object processing means and first object memory means for performing specific secure operations, said first object memory means being nonvolatile and read-write accessible to first object processing means but at least write-protected from outside the first portable object, said rights being stored in said first object memory means, said device processing means comprising: means for triggering and controlling a communication between said module and said first portable object through said reader means; means for copying said rights from said first object memory means to said module memory means under the control of said module processing means; means for stopping communication between first portable object and information processing device; means for performing said secure operations within a predetermined limit of use which require possessing said rights, by deriving said rights from said module in lieu of the first portable object; and means for inhibiting operation of said module under the control of said module processing means when said predetermined limit of use has been reached.
10. The device as claimed in claim 9, wherein said device processing means comprise a program contained in said device memory means.
11. An information processing system for executing secure operations between a first portable object and a second portable object which require holding rights held by the first portable object said system having an information processing device, the information processing device comprising device processing means and device memory means for performing general nonsecure operations, reader means for cooperating with a portable object, and incorporating a security module which comprises module processing means and module memory means for performing specific secure operations, said module memory means being nonvolatile and read-write accessible to module processing means but at least write-protected from outside the module, said first and said second portable objects comprising respective first and second object processing means and first and second object memory means for performing specific secure operations, said first and said second object memory means being nonvolatile and read-write accessible to first and second object processing means, respectively, but at least write-protected from outside the first and the second portable objects, respectively, said rights being stored in said first and said second object memory means respectively, said device processing means comprising: means for triggering and controlling a communication between said module and said first portable object through said reader means; means for copying said rights from said first object memory means to said module memory means under the control of said module processing means; means for stopping communication between first portable object and information processing device; means for performing said secure operations, by cooperating with said second portable object and by deriving said rights from said module and said second portable object is in lieu of the first portable object.
12. The device as claimed in claim 11, wherein said device processing means comprise a program contained in said device memory means.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.